CVE-2008-2592 — SQL Injection in Oracle Database Server

3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.6%

top 30.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Database Server Oracle Database

Timeline

PublishedJul 15

Latest updateMay 1

Description

Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_DEFER_SYS. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a SQL injection vulnerability in the DELETE_TRAN procedure.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 8.0 | Impact: 4.9

Affected Packages2 packages

▶NVDoracle/database_server10.1.0.5, 9.2.0.8+1

▶NVDoracle/oracle_database4 versions+3

🔴Vulnerability Details

GHSA

GHSA-xfv4-x39w-j6q3: Unspecified vulnerability in the Advanced Replication component in Oracle Database 9↗2022-05-01

▶

CVEList

CVE-2008-2592: Unspecified vulnerability in the Advanced Replication component in Oracle Database 9↗2008-07-15

▶